General
- Target: df9ae1ee4f2b0aa1f7a2e70779f9dbd4.bat
- Size: 222B
- Sample: 200815-vt34hr5826
- MD5: 19b3b3791a8bb6e48fca9c29132a649e
- SHA1: b03af91b377f63ab4d6c236a7f942643aa66498f
- SHA256: 4167595a02a41357a7cb611b831f74f802ce747c124913fefe76789babbf1c40
- SHA512: f2e3d44f22f21c2a5d24013772ec273c510fc76ab32e6586125c22d968886198d2225138570153385fb94b06f0360e13a59fd7fe33fef2aa3c447e25554eac42
Static task
- static1
Behavioral task
- behavioral1 (Sample: df9ae1ee4f2b0aa1f7a2e70779f9dbd4.bat, Resource: win7v200722)
Behavioral task
- behavioral2 (Sample: df9ae1ee4f2b0aa1f7a2e70779f9dbd4.bat, Resource: win10)
Malware Config
- Extracted: http://185.103.242.78/pastes/df9ae1ee4f2b0aa1f7a2e70779f9dbd4
- Extracted: C:\550tx9u8m-readme.txt (family: sodinokibi)
  - http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/C674556755EA6F06
  - http://decryptor.cc/C674556755EA6F06
- Extracted: C:\z795dq-readme.txt (family: sodinokibi)
  - http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/3FB5F5D0526F17E3
  - http://decryptor.cc/3FB5F5D0526F17E3
Targets
- Target: df9ae1ee4f2b0aa1f7a2e70779f9dbd4.bat
- Size: 222B
- Score: 10/10
- Sodin, Sodinokibi, REvil: Ransomware with advanced anti-analysis and privilege escalation functionality.
- Blacklisted process makes network request
- Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
- Enumerates connected drives
- Modifies service
- Sets desktop wallpaper using registry